=== 2.4.8 / 2015-06-08
Bug fixes:
* Tightened API endpoint checks for CVE-2015-3900
=== 2.4.7 / 2015-05-14
Bug fixes:
* Backport: Limit API endpoint to original security domain for CVE-2015-3900.
Fix by claudijd
From release announce:
We are pleased to announce the release of Ruby 2.2.2. This is a TEENY version
release of the stable 2.2 series.
This release includes the security fix for a OpenSSL extension¡Çs hostname
verification vulnerability.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
There are also some bugfixes. See ChangeLog for details.
From release announce:
Ruby 2.1.6 has been released.
This release includes a security fix for OpenSSL extension. Please view the
topic below for more details.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
And, many bug fixes are also included. See tickets and ChangeLog for details.
From release announce:
We are pleased to announce the release of Ruby 2.0.0-p645.
This release includes a security fix for OpenSSL extension. Please view the
topic below for more details.
CVE-2015-1855: Ruby OpenSSL Hostname Verification
Ruby 2.0.0 is now under the state of the security maintenance phase, until
Feb. 24th, 2016. After the date, maintenance of Ruby 2.0.0 will be ended. We
recommend you start planning migration to newer versions of Ruby, such as 2.1
or 2.2.
This release includes the security fix mentioned above along with small
changes required for test environment (that shouldn¡Çt affect normal users).
See ChangeLog for full details.
This is the last ordinal release of Ruby 2.0.0. Ruby 2.0.0 goes into the
state of the security maintenance phase, and will never be released unless
any critical regressions or security issues are found. This phase is planned
to be maintained for 1 year. Then, maintenance of Ruby 2.0.0 will be ended
at Feb. 24th, 2016. We recommend to start planning to migrate to newer
versions of Ruby, such as 2.1 or 2.2.
pkgsrc change:
* Change "os" of Gem::Platform, now it change the case of "netbsd" only.
* Reduce patches to builtin rubygems.
* Simplify Gem::Specification definition.
* Remove some pkgsrc specific modifications.
=== 2.4.6 / 2014-02-05
Bug fixes:
* Fixed resolving gems with both upper and lower requirement boundaries.
Issue #1141 by Jakub Jirutka.
* Moved extension directory after require_paths to fix missing constant bugs
in some gems with C extensions. Issue #784 by Andr«± Arko, pull request
#1137 by Barry Allard.
* Use Gem::Dependency#requirement when adding a dependency to an existing
dependency instance. Pull request #1101 by Josh Cheek.
* Fixed warning of shadowed local variable in Gem::Specification. Pull request
#1109 by Rohit Arondekar
* Gem::Requirement should always sort requirements before coercion to Hash.
Pull request #1139 by Eito Katagiri.
* The `gem open` command should change the current working directory before
opening the editor. Pull request #1142 by Alex Wood.
* Ensure quotes are stripped from the Windows launcher script used to install
gems. Pull request #1115 by Youngjun Song.
* Fixed errors when writing to NFS to to 0444 files. Issue #1161 by Emmanuel
Hadoux.
* Removed dead code in Gem::StreamUI. Pull request #1117 by mediaslave24.
* Fixed typos. Pull request #1096 by hakeda.
* Relaxed CMake dependency for RHEL 6 and CentOS 6. Pull request #1124 by V«¿t
Ondruch.
* Relaxed Psych dependency. Pull request #1128 by V«¿t Ondruch.
2.2. It affects ruby 2.1 only.
* Binary packages' file name start with "ruby21-" instead of "ruby215-".
* ${PREFIX}/include/ruby-2.1.5 are changed from ${PREFIX}/include/ruby-2.1.5
to ${PREFIX}/include/ruby-2.1.0.
* ${PREFIX}/lib/ruby/2.1.5 and ${PREFIX}/lib/ruby/gem/2.1.5 are changed
to ${PREFIX}/lib/ruby/2.1.0 and ${PREFIX}/lib/ruby/gem/2.1.0.
Ruby 2.1.4 is released
Ruby 2.1.4 has been released.
This release includes security fixes for the following vulnerabilities:
* CVE-2014-8080: Denial Of Service XML Expansion
* Changed default settings of ext/openssl related to CVE-2014-3566
And there are some bug-fixes.
See tickets and ChangeLog for details.
Ruby 2.1.3 Released
We are pleased to announce the release of Ruby 2.1.3. This is a patchlevel
release of the stable 2.1 series.
This release contains a change of full GC timing to reduce memory consumption
(see Bug #9607), and many bugfixes.
See tickets and ChangeLog for details.
Ruby 2.0.0-p594 Released
We are pleased to announce the release of Ruby 2.0.0-p594.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turn off by default.
* Changed default settings of ext/openssl
And, many bug fixes are also included. See tickets and ChangeLog for details.
Ruby 2.0.0-p576 Released
We are pleased to announce the release of Ruby 2.0.0-p576, to celebrate the
holding of RubyKaigi2014 in Japan now.
This release includes many bugfixes, such as:
* many fixes of memory leaks and using extra memory.
* many fixes of platform-specific issues (especially in build process).
* many document fixes.
See tickets and ChangeLog for details.
Ruby 1.9.3-p550 Released
We are pleased to announce the release of Ruby 1.9.3-p550.
This release includes a security fix for DoS vulnerability of REXML.
* CVE-2014-8080: Denial Of Service XML Expansion
This release also includes the change of default settings of
ext/openssl. Insecure SSL/TLS options are now turn off by default.
* Changed default settings of ext/openssl
And, in addition, bandled jQuery for darkfish template of RDoc is also
updated.
Almost no functional change to existing packages.
Wed May 14 17:35:32 2014 NAKAMURA Usaku <usa@ruby-lang.org>
* common.mk: need to quote $BASERUBY because it may includes options.
this change is only for release management, not bug fix.
[Backport #9837] [ruby-dev:48218]
Mon Mar 31 15:38:07 2014 Nobuyoshi Nakada <nobu@ruby-lang.org>
* ext/openssl/ossl.c (ossl_make_error): check NULL for unknown
error reasons with old OpenSSL, and insert a colon iff formatted
message is not empty.
Quote from release announce:
This release contains a fix for a regression of Hash#reject in Ruby 2.1.1,
support for build with Readline-6.3 (see Bug #9578), an updated bundled
version of libyaml with psych, and some bug fixes.
For details, please refer ChangeLog.
Including many bug fixes:
* support for build with Readline-6.3
* a fix for old OpenSSL (regression in p451)
* an updated bundled version of libyaml (see Heap Overflow in YAML URI Escape Parsing (CVE-2014-2525))
For detail, please refer ChangeLog.
pkgsrc chagnges:
* Use RUBY_SUFFIX instead of RUBY_VER for appropriate place.
* Detect NetBSD correctly in Gem::Platform.
Quote from release announce:
This release includes many bugfixes. See tickets and ChangeLog for details.
